<html>
<head><meta charset="utf-8"><title>cargo-upgrade-semver · general · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/index.html">general</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html">cargo-upgrade-semver</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="203202122"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203202122" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jeremiah Senkpiel <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203202122">(Jul 07 2020 at 20:58)</a>:</h4>
<p>(Sorry I have no idea how to use this chat tool)</p>
<p>It appears that <code>cargo upgrade</code> completely disobeys semver pinned patch versions. This is a clear violation of what semver users expect.... why is this the case?</p>



<a name="203202331"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203202331" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203202331">(Jul 07 2020 at 21:00)</a>:</h4>
<p>Can you give an example?</p>



<a name="203202620"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203202620" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jeremiah Senkpiel <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203202620">(Jul 07 2020 at 21:03)</a>:</h4>
<p><code>tide @ 0.11.0</code> specifies <code>async-sse @ 3.0.0</code>. Running <code>cargo update</code> in the Tide repo causes it to install <code>async-sse @ 3.0.1</code>, which does not satisfy a semver <code>3.0.0</code>.</p>



<a name="203202661"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203202661" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203202661">(Jul 07 2020 at 21:03)</a>:</h4>
<p>Note that <code>cargo upgrade</code> is an external Cargo subcommand that's supposed to replace dependencies in <code>Cargo.toml</code> with their newest available version; <code>cargo update</code> is a builtin subcommand that respects <code>Cargo.toml</code> versions and updates only dependencies in <code>Cargo.lock</code></p>



<a name="203202689"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203202689" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203202689">(Jul 07 2020 at 21:03)</a>:</h4>
<p>3.0.1 is semver-compatible with 3.0.0</p>



<a name="203202809"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203202809" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203202809">(Jul 07 2020 at 21:04)</a>:</h4>
<p>So <code>cargo update</code> is expected to update to that. In fact it should update to any 3.x.y version of <code>async-sse</code>.</p>



<a name="203202900"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203202900" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DPC <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203202900">(Jul 07 2020 at 21:05)</a>:</h4>
<p>let me check how tide defines it</p>



<a name="203202937"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203202937" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203202937">(Jul 07 2020 at 21:05)</a>:</h4>
<p>Tide just has a default requirement</p>



<a name="203202999"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203202999" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203202999">(Jul 07 2020 at 21:06)</a>:</h4>
<p>If you require an <em>exact</em> semver version you need to use <code>dep = "=1.2.3"</code></p>



<a name="203203444"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203203444" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DPC <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203203444">(Jul 07 2020 at 21:10)</a>:</h4>
<p>tide does this <a href="https://github.com/http-rs/tide/blob/master/Cargo.toml#L36">https://github.com/http-rs/tide/blob/master/Cargo.toml#L36</a></p>



<a name="203203564"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203203564" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DPC <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203203564">(Jul 07 2020 at 21:11)</a>:</h4>
<p>but <span class="user-mention" data-user-id="319552">@Jeremiah Senkpiel</span>  can't use the exact semver version because it is a transitive dependency</p>



<a name="203203813"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203203813" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DPC <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203203813">(Jul 07 2020 at 21:13)</a>:</h4>
<p><span class="user-mention" data-user-id="319552">@Jeremiah Senkpiel</span> why do you say that it disobeys semver?</p>



<a name="203205636"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203205636" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jeremiah Senkpiel <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203205636">(Jul 07 2020 at 21:29)</a>:</h4>
<p>3.0.1 is assumed _compatible_ with 3.0.0, but when specifying "x.x.x" the reasonable assumption would be "that exact version". I suppose <code>=</code> solves this but the default behavior is quite surprising and I am quite sure I will not be the last person to run into issues surrounding this.</p>



<a name="203205846"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203205846" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203205846">(Jul 07 2020 at 21:31)</a>:</h4>
<p>It is documented at <a href="https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html">https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html</a> fwiw</p>



<a name="203205891"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203205891" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jonas Schievink  [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203205891">(Jul 07 2020 at 21:31)</a>:</h4>
<p>As well as in the Rust book</p>



<a name="203206240"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203206240" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203206240">(Jul 07 2020 at 21:34)</a>:</h4>
<p><span class="user-mention" data-user-id="319552">@Jeremiah Senkpiel</span> A dependency version specified as <code>"3.0.0"</code> means <code>"^3.0.0"</code>, or in other words "semver compatible with 3.0.0". That allows <code>3.0.y</code> or <code>3.x.y</code>. The default is that way to ensure that the ecosystem can upgrade and move forward without massive friction, given semver compatibility. <code>=</code> is the uncommon case, and having to use it suggests that something has broken semver or some other unusual use case applies, so it isn't the default.</p>



<a name="203206242"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/cargo-upgrade-semver/near/203206242" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> bjorn3 <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/cargo-upgrade-semver.html#203206242">(Jul 07 2020 at 21:34)</a>:</h4>
<p><span class="user-mention" data-user-id="319552">@Jeremiah Senkpiel</span> What if somebody specified <code>1.0.0</code> and somebody else specified <code>1.0.1</code>? If the default was an exact match, then this would be an error, as cargo never duplicates semver compatible versions. When explicitly using an exact match this can already happen, but making exaxt matches the default would make it pretty much impossible to not happen.</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>